Help with WiFi getting bad when other devices are plugged into unmanaged switch

shoehornit · January 27, 2025, 4:35am

My setup:

The router: raspberry pi 4B running OpenWrt 23.05.5
The dumb wifi AP: Ubiquiti UniFi 6 Plus running OpenWrt SNAPSHOT r28675-8e78bc39a3
Unmanaged switch: TP-Link TL-SG105PP-M2

When I plug the wifi AP into the switch, and run iperf3 from my laptop to the router, I get speeds around 600 mbps.
When I plug other devices into the switch (idle devices are not consuming more than 1mbps of bandwidth at any time), the speed drops to 300 mbps.

My dumb wifi AP possibly isn't configured correctly.
Alternatively, it could have something to do with QoS

dlakelan · January 27, 2025, 4:42am

It's possible it's just producing a bunch of radio noise. Seems weird, but it could.

shoehornit · January 27, 2025, 5:11am

I've simplified the problem, I'll edit the post since I can't delete it..

psherman · January 27, 2025, 6:45am

To be clear:

One end of the iPerf test is the computer via wifi through the U6 Plus
The other end of the iPerf test is the Pi4B
The only two things connected to the switch are the Pi and the U6 Plus

Is that correct?

So we are now moving from just two connections on the switch to 3 or more, right? And we are still testing the computer (via wifi) to the Pi4B, correct?

Does the result change based on how many things are connected to the switch?
Does the result change based on what things are connected to the switch?
Have you tried running an iPerf test from your computer with a wired connection to the switch? Starting with just the two endpoints (computer, Pi4B), and then adding more -- does the result change?

While I'm not convinced that the problem is related to the AP or even the router configs, let's review both to see what is happening...

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

shoehornit · January 27, 2025, 7:22am

Yes, that setup gives me about 600 mbps

Yes, I added 2 more idle devices to the switch. The computer is still connected via wifi, and the wifi is still connected to the switch. It does seem like things change when I add more devices (all idle as far as I'm aware).
When I connect my laptop to the switch through ethernet (keep in mind the wifi is connected to a couple of phones and another laptop, most of them mostly idle), iperf from laptop to router gives me 1000 mbps.

router

ubus call system board:
{
	"kernel": "5.15.167",
	"hostname": "pirouter",
	"system": "ARMv8 Processor rev 3",
	"model": "Raspberry Pi 4 Model B Rev 1.5",
	"board_name": "raspberrypi,4-model-b",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.5",
		"revision": "r24106-10cc5fcd00",
		"target": "bcm27xx/bcm2711",
		"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
	}
}


cat /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'faf2:bd4a:174b::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'eth2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0'


cat /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'unused_router_wifi'
	option encryption 'psk2'
	option key 'REDACTED'
	option disabled '1'


cat /etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


cat /etc/config/firewall:

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

psherman · January 27, 2025, 7:31am

Router config looks pretty standard and no issues there.

What is connected to eth1? and what about eth2?

What else is connected to the switch at this point? If you connect something else, does it slow down?

shoehornit · January 27, 2025, 7:33am

wifi AP

ubus call system board:
{
	"kernel": "6.6.73",
	"hostname": "ubiwifi",
	"system": "ARMv8 Processor rev 4",
	"model": "Ubiquiti UniFi 6 Plus",
	"board_name": "ubnt,unifi-6-plus",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"revision": "r28675-8e78bc39a3",
		"target": "mediatek/filogic",
		"description": "OpenWrt SNAPSHOT r28675-8e78bc39a3",
		"builddate": "1737715991"
	}
}


cat /etc/config/network:
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fa22:53a3:344b::/48'

config interface 'lan'
	option proto 'dhcp'
	option device 'br-lan'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'


cat /etc/config/wireless:
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'wifi2'
	option encryption 'psk2'
	option key 'REDACTED'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'wifi5'
	option encryption 'psk2'
	option key 'REDACTED'

config wifi-device 'radio2'
	option type 'mac80211'
	option path 'platform/18000000.wifi'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option disabled '1'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio3'
	option type 'mac80211'
	option path 'platform/18000000.wifi+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option disabled '1'

config wifi-iface 'default_radio3'
	option device 'radio3'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'


cat /etc/config/dhcp:
config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'


cat /etc/config/firewall:
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

shoehornit · January 27, 2025, 7:34am

nothing is connected to eth2, I only added it after the tests (another dongle on the pi) and forgot to remove it

eth1 is connected to the switch I mentioned before

shoehornit · January 27, 2025, 7:36am

When I get the 1000 mbps, the switch is connected through ethernet to the 2 other idle devices (the ones that were causing drops during the original setup) on top of the laptop.

psherman · January 27, 2025, 7:39am

You need to disable the dhcp server on the ap. Delete the last 5 lines:

shoehornit:

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

Then add this line to the lan dhcp server:

	option ignore '1'

But that is not the reason for your issue. The AP otherwise looks good.

I would recommend that to also change the firewall to accept input. If the firewall becomes enabled, you will not be able to administer it without this fix.

psherman · January 27, 2025, 7:42am

But when you run the same iperf test over WiFi, the two idle devices affect the speeds?

Run the WiFi iperf test again and report the speeds for each of the following:

no additional devices.
add one “idle” device
Add the other, but remove the first
Connect both.

shoehornit · January 27, 2025, 7:56am

I'll have to run these tests again tomorrow since I quickly switched things to a less buggy setup.

Somewhat related: Right now my AP is connected directly to the router using a poe injector (the switch is still connected to the router, and to 2 idle devices) and I get these speeds:
laptop-router (via AP): 300 mbps
laptop-AP: 600 mbps
AP-router: 1000mbps

What could be preventing laptop-router iperf from getting the full 600?

psherman · January 27, 2025, 7:57am

The usb dongle is probably running at usb2 speeds.

shoehornit · January 27, 2025, 8:12am

The usb dongle is probably running at usb2 speeds.

But it's doing 1000 mbps from AP to router just fine, in the same exact setup.
Let me clarify, the setup is now
router - wifi ap - laptop

without changing anything in that setup, I get 300 mbps, and yet the bottleneck should be laptop - wifi ap (since that's 600 mbps)